BEST VALUE 



BLANKET PURCHASE AGREEMENT 



SS00-08-40029 



FEDERAL SUPPLY SCHEDULE 



In the spirit of the Federal Acquisition Streamlining Act the SOCIAL SECURITY ADMINISTRATION 
(SSA) and Booz Allen Hamilton Inc (BAH) enter into a cooperative agreement to further reduce the 
administrative costs of acquiring commercial items from the General Service Administration (GSA) 
Mission Oriented Business Integrated Services (MOBIS) Schedule Contract Number GS-23F-9755H. 

The Schedule contract BPA's eliminate contracting and open market costs such as: search for sources; the 
development of technical documents, solicitations and the evaluation of bids and offers. Teaming 
Arrangements are permitted with GSA FSS contractors in accordance with Federal Acquisition Regulation 
(FAR) Part 9.6. 

This BP A will further decrease costs, reduce paperwork and save time by eliminating the need for 
repetitive, individual purchases from the schedule contract. The end result is to create a purchasing 
mechanism for the Government that works better and costs less. 



Signatures: // 
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BLANKET PURCHASE AGREEMENT 



A.1 Pursuant to GSA MOBIS Schedule number GS-23F-9755H, Blanket Purchase 

Agreements, the Contractor agrees to the following terms of a Blanket Purchase Agreement 
(BP A) exclusively with The Social Security Administration (SSA): 

A.l.l Specialized Advisory and Assistance Services: The contractor shall provide a range 
of information technology related advisory and assistance services, such as: 
management or strategy consulting; program planning, audits and evaluations; 
studies, analyses, scenarios, and reports relating to mission-oriented business 
programs or initiatives. All services provided shall be in accordance with Section B 
of this agreement and the terms of the Contractor's General Services Administration 
(GSA), Mission Oriented Business Integrated Services (MOBIS) Schedule Contract 
Number GS-23F-9755H. 

A. 1.2 Delivery and Place of Performance: Support Services provided under this BPA may 
be performed at the Social Security Administration's Headquarters in Woodlawn, 
Maryland, the contractor's site, and/or any other location as an individual task or call 
order may provide for. The delivery timetable shall be identified in the individual 
call orders placed against a task order issued against this BPA. 

A. 1.3 This BPA does not obligate any funds. The Government is obligated only to the 
extent of authorized purchases (Calls) actually made under this BPA. 

A.1.4 Professional services labor hour amounts necessary to meet order requirements will 
be defined prior to issuance through mutual agreement of the p arties. Task specific 
terms, conditions, prices, and periods of performance will be negotiated for each task 
order prior to services being ordered. Labor hour amounts under this BPA may be 
ordered in "not to exceed" amounts. 

A.1.5 This BPA will provide advisory and assistance services to multiple SSA component 
areas over a total potential term of five years. The Governmem: estimates, but does 
not guarantee that the total value of BPA Calls made by the Government over the full 
potential term will be approximately $50,000,000.00. 

A.1.6 This BPA expires at the end of the current GSA MOBIS schedule contract period 
09/30/2012. However, orders may be placed against this BPA upon the issuance of 
an extension to the current GSA MOBIS Schedule contract or for a period up to and 
including 60 months from the award date of this BPA. In cases where a period of 
performance spans two contract years with escalating labor ratss, the initial rate at 
time of award shall remain in effect for the entire period of performance. 

A.1.7 The Contracting Officer will place funded Calls against this BPA from the SSA 
Office of Acquisition and Grants (OAG). No other persons or entities may place 
orders against this BPA. Unless otherwise agreed to, all deliverables under this BPA 
must be accompanied by delivery tickets or sales slips that must contain the following 
information at a minimum: 

• Name of contractor; 

• BPA number; 

• Date of Task Order; 
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• Task Order Number (BPA "Call" #); 

• Period of Performance; 

• Current and Cumulative costs; and 

• Accounting of direct labor charges by showing labor category, individual name 
of employee, hours worked (separate columns for regular and overtime hours) 
and direct loaded labor rate per hour charged for each task order assigned; 

A.1.8 The requirements of a proper invoice are as specified in Sect: on C.14. Invoices 
shall be submitted to the following address: 

If Sent By Mail 

Social Security Administration 

Office of Finance 

Post Office Box 47 

Baltimore, Maryland 21235-0047 
If Hand carried 

Social Security Administration 

Office of Finance 

Customer Service help desk 

2-B-4 East Low Rise Building 

6401 Security Blvd. 

Baltimore, MD 21235-0047 

The telephone number of the Supervisor, Administrative Payments Operations 
Branch is 410-965-0607. 

A.1.9 Taxpayer Identification Number (TIN). To assist the Government in making timely 
payments pursuant to the requirements of FAR 52.232-25, it is requested that you 
include your TIN on each invoice. The terms and conditions included in this BPA 
apply to all purchases made pursuant to it. In the event of an inconsistency between 
the provisions of this BPA and the Contractor's invoice, the provisions of this BPA 
will take precedence. Remittance information associated with EFT payments is now 
available via the payment advice internet delivery (paid) systsm on the Department 
of Treasury's internet site at http://fms.treas.gov/paid/index.a sp. This site provides 
an explanation of the system, how it works, security and access information, a user 
demonstration, and registration information. There is no cha-ge to use the paid 
system through a link on the site. You may also direct payment inquiries to SSA's 
Office of Finance, Customer Service help desk at 410-965-0607, send an e-mail to 
payment. inquiries@ssa. gov , or visit its internet site at http://www.ssa.gov/vendor . 
You may also access the paid system through a link on this site. 

A.l.lOOther terms and conditions specific to this BPA and all subsequently issued task 
orders can be found at Section C of this agreement. 
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Social Security Administration (SSA) 

SS00-08-40029 

Blanket Purchase Agreement (BPA) for Specialized 
Advisory and Assistance Services 

Section A- Introduction and Pricing Tables 



A.l Introduction: 



The contractor shall provide SSA with specialized advisory and assistance services. These 
services shall include providing expert advice, assistance, and guidance in support of SSA's 
mission oriented business functions, especially those activities related to the continued and 
expanding use of Information Technology (I.T.) products and services to meet SSA's growing, 
complex mission(s). Specific examples of such services include I.T. related management or 
strategy consulting; program planning, audits and evaluations; studies, analyses, scenarios, and 
reports relating to mission-oriented business programs or initiatives. The sei-vices required under 
this BP A are described in Section B of the Statement of Work. 

The Government will award either a Firm Fixed Price or Labor Hour type Call against this Blanket 
Purchase Agreement (BPA), with fixed hourly rates, based on the labor categories in the BPA. 
Labor hour amounts under this BPA may be ordered in "not to exceed" amounts. 

A.2 Pricing Table 

See Attachment A Pricing Table Section A.2.1 - Section A.2. 5 




L:\035334\Excel\ 
BAHBPAPL.xls 
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ATTACHMENT A - BPA PRICING TABLE 

SECTION A.2.1 - BPA YEAR 1 - SEPTEMBER 15, 2008 - SEPTEMBER 14, 2009 



(b)(4) 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 

CITE 


6 


Consultant 


$66.40 


8 


SuDDort Staff 


$56.94 


g 


Analyst 


$85.68 


10 


Analyst 1 


$115.29 


11 


ni luiy si £- 


$158.27 


12 


Functional Soecialist 


$151.25 


13 


Functional Specialist 1 


$193.56 


14 


Functional Soecialist 2 


$273.97 


15 


Manaaement Consultant 

I ■ I U 1 I UU III ML "h^ I 1 *J U 1 LU III 


$85.68 


16 


Management Consultant 1 


$140.68 


17 


Management Consultant 2 


$181.93 


18 


Program Director/Senior Advisor 


$330.01 


19 


Functional/Subject Matter Expert 


$355.33 


20 


Program Manager 


$259.64 


21 


Project Manager 


$230.50 


22 


Senior Task lead 


$224.24 



(b)(4)|| 



MOBIS LABOR CATEGORY 


MOBIS LABOR 

i i ys. i in i iilI it r~i i~v I if"- r™ 

HOUR UNIT PRICE 
- YEAR 1 - SSA 
SITE 


Consultant 


$66.40 


Support Staff 


$56.94 


Analyst 


$85.68 


Analyst 1 


$1 15.29 


Analyst 2 


$158.27 


Functional Specialist 


$151.25 


Functional Specialist 1 


A 4 Ol EC 

$190.00 


Functional Specialist 2 


$273.97 


Management Consultant 


$85.68 


ivianciycnicni ^unsuiidm i 


tijn eg 
9 1 4U.0B 


Management Consultant 2 


$161.93 


Program Director/Senior Advisor 


$330.01 


Functional/Subject Matter Expert 


$355.33 


Program Manager 


$259.64 


Project Manager 


$230.50 


Senior Task lead 


$224.24 



(b)(4) 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 
SITE 


23 


Task Lead 


$166.06 



(b)(4)" 





MOBIS LABOR 


MOBIS LABOR CATEGORY 


HOUR UNIT PRICE 




- YEAR 1 - SSA 




SITE 


Task Lead 


$166.06 



(b)(4) 



SECTION A.2.2 - BPA YEAR 2 - SEPTEMBER 15, 2009 - SEPTEMBER 14, 2010 

[3 



MOBIS 
n in 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 
SITE 


6 


Consultant 


$68.92 


8 


Support Staff 


$59.10 


9 


Analyst 


$88.93 


10 


Analyst 1 


$119.67 


11 


Analyst 2 


$164.28 


12 


Functional Specialist 


$157.00 


13 


Functional Specialist 1 


$200.92 


14 


Functional Specialist 2 


$284.38 


15 


Management Consultant 


$88.93 


16 


Management Consultant 1 


$146.02 


17 


Management Consultant 2 


$188.84 


18 


Program Director/Senior Advisor 


$342.55 


19 


Functional/Subject Matter Expert 


$368.83 


20 


Program Manager 


$269.51 


21 


Project Manager 


$239.26 


22 


Senior Task lead 


$232.76 


23 


Task Lead 


$172.37 
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MOBIS 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE 

- TCMI\ 1 - OOtt 

SITE 


I 6 


Consultant 


$68.92 


8 


Support Staff 


$59.10 


9 


Analyst 


$88.93 


10 


Analyst 1 


$119.67 


11 


Analyst 2 


$164.28 


12 


Functional Specialist 


$157.00 


13 


Functional Specialist 1 


$200.92 


14 


Functional Specialist 2 


$284.38 


15 


Management Consultant 


$88.93 


16 


Management Consultant 1 


$146.02 


I 17 


Management Consultant 2 


$188.84 


18 


Program Director/Senior Advisor 


$342.55 


19 


Functional/Subject Matter Expert 


$368.83 


20 


Program Manager 


$269.51 


21 


Project Manager 


$239.26 


22 


Senior Task lead 


$232.76 


23 


Task Lead 


$172.37 



(b)(4) 



SECTION A.2.3 - BPA YEAR 3 - SEPTEMBER 15, 2010 - SEPTEMBER 14, 2011 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 




MOBIS LABOR 
HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 
SITE 


6 


Consultant 


$71.54 


8 


Support Staff 


$61.35 


9 


Analyst 


$92.31 


10 


Analyst 1 


$124.22 


11 


Analyst 2 


$170.52 


12 


Functional Specialist 


$162.97 


13 


Functional Specialist 1 


$200.55 


14 


Functional Specialist 2 


$295.19 


15 


Management Consultant 


$92.31 


16 


Management Consultant 1 


$151.57 


17 


Management Consultant 2 


$196.02 


18 


Program Director/Senior Advisor 


$355.57 


19 


Functional/Subject Matter Expert 


$382.85 


20 


Program Manager 


$279.75 


21 


Project Manager 


$248.35 


22 


Senior Task lead 


$241.60 


23 


Task Lead 


$178.92 



4 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE 
- YEAR 1 - SSA 
SITE 


6 


Consultant 


$71.54 


8 


Support Staff 


$61.35 


9 


Analyst 


$92.31 


10 


Analyst 1 


$124.22 


11 


Analyst 2 


$170.52 


12 


Functional Specialist 


$162.97 


13 


Functional Specialist 1 


$208.55 


14 


Functional Specialist 2 


$295.19 


15 


Management Consultant 


$92.31 


16 


Management Consultant 1 


$151.57 


17 


Management Consultant 2 


$196.02 


18 


Program Director/Senior Advisor 


$355.57 


19 


Functional/Subject Matter Expert 


$382.85 


20 


Program Manager 


$279.75 


21 


Project Manager 


$248.35 


22 


Senior Task lead 


$241.60 


23 


Task Lead 


$178.92 



(b)(4) 



SECTION A.2.4 - BPA YEAR 4 - SEPTEMBER 15, 2011 - SEPTEMBER 14, 2012 

[Si 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 
SITE 


6 


Consultant 


$74.26 


8 


Support Staff 


$63.68 


9 


Analyst 


$95.82 


10 


Analyst 1 


$128.94 


11 


Analyst 2 


$177.00 


12 


Functional Specialist 


$169.16 


13 


Functional Specialist 1 


$216.47 


14 


Functional Specialist 2 


$306.41 


15 


Management Consultant 


$95.82 


16 


Management Consultant 1 


$157.33 


17 


Management Consultant 2 


$203.47 


18 


Program Director/Senior Advisor 


$369.08 


19 


Functional/Subject Matter Expert 


$397.40 


20 


Program Manager 


$290.38 


21 


Project Manager 


$257.79 


22 


Senior Task lead 


$250.78 


23 


Task Lead 


$185.72 
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MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


9YIUDIO LnDUn 

HOUR UNIT PRJCE 
- YEAR 1 - SSA 
SITE 


6 


Consultant 


$74.26 


8 


Support Staff 


$63.68 


9 


Analyst 


$95.82 


10 


Analyst 1 


$128.94 


11 


Analyst 2 


$177.00 


12 


Functional Specialist 


$169.16 


13 


Functional Specialist 1 


$216.47 


14 


Functional Specialist 2 


$306.41 


15 


Management Consultant 


$95.82 


16 


Management Consultant 1 


$157.33 


17 


Management Consultant 2 


$203.47 


18 


Program Director/Senior Advisor 


$369.08 


19 


Functional/Subject Matter Expert 


$397.40 


20 


Program Manager 


$290.38 


21 


Project Manager 


$257.79 


22 


Senior Task lead 


$250.78 


23 


Task Lead 


$185.72 



(b)(4) 



SECTION A.2.5 - BPA YEAR 5 - SEPTEMBER 15, 2012 - SEPTEMBER 14, 2013 



MOBIS 
CLIN 


MOBIS LABOR CATEGORY 


MARIQ I fiDnp 

1VI4-/DIO LnDUn 

HOUR UNIT PRICE - 
YEAR 1 - 
CONTRACTOR'S 
SITE 


6 


Consultant 


$76.86 


8 


Support Staff 


$65.91 


9 


Analyst 


$99.17 


10 


Analyst 1 


$133.45 


11 


Analyst 2 


$183.20 


12 


Functional Specialist 


$175.08 


13 


Functional Specialist 1 


$224.05 


14 


Functional Specialist 2 


$317.13 


15 


Management Consultant 


$99.17 


16 


Management Consultant 1 


$162.84 


17 


Management Consultant 2 


$210.59 


18 


Program Director/Senior Advisor 


$382.00 


19 


Functional/Subject Matter Expert 


$411.31 


20 


Program Manager 


$300.54 


21 


Project Manager 


$266.81 


22 


Senior Task lead 


$259.56 


23 


Task Lead 


$192.22 
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MOBIS 

r**l IM 
L L! IN 


MOBIS LABOR CATEGORY 


MOBIS LABOR 
HOUR UNIT PRICE 

VCAD A CCA 

- I tMK 1 - OOrt 

SITE 


6 


Consultant 


$76.86 


8 


Support Staff 


$65.91 


9 


Analyst 


$99.17 


10 


Analyst 1 


$133.45 


11 


Analyst 2 


$183.20 


12 


Functional Specialist 


$176.08 


13 


Functional Specialist 1 


$224.05 


14 


Functional Specialist 2 


$317.13 


15 


Management Consultant 


$99.17 


16 


Management Consultant 1 


$162.84 


17 


Management Consultant 2 


$210.59 


18 


Program Director/Senior Advisor 


$382.00 


19 


Functional/Subject Matter Expert 


$411.31 


20 


Program Manager 


$300.54 


21 


Project Manager 


$266.81 


22 


Senior Task lead 


$259.56 


23 


Task Lead 


$192.22 



(b)(4) 



Social Security Administration (SSA) 

SS00-08-40029 

Blanket Purchase Agreement (BP A) for 
Specialized Advisory and Assistance Services 

Section B - Statement of Work 



B.l Introduction 



The purpose of this Blanket Purchase Agreement (BPA) is to establish a contract vehicle between 
Social Security Administration (SSA) and Booz Allen Hamilton for strategic-level expert advice, 
assistance, and support of SSA's mission oriented information technology (I.T.) business functions 
and initiatives. All services provided under the BPA shall be in accordance with Section B of this 
Agreement and the terms of the Contractor's General Services Administration (GSA), Mission 
Oriented Business Integrated Services (MOBIS) Schedule Contract Number GS-23F-9755H. 

Services under this BPA will be provided to multiple programmatic areas within the Social 
Security Administration that are highly served by the Agency's I.T. infrastructure; including but 
not limited to, the SSA Offices of Telecommunications Systems Operations (OTSO), Office of 
Applications and Supplemental Security Income Systems (OASSIS), Office of Disability 
Systems (ODS), Office of Enterprise Support Architecture & Engineering (OESAE), as well as 
SSA's Office of Chief Information Officer (OCIO) . 

B.2 Background 

SSA is responsible for administering national social insurance programs and social welfare 
programs, and for providing operational systems support to other Federal and State agencies. 
SSA programs provide Retirement, Survivors and Disability Insurance (RSDI) benefits to 
workers and their dependents or survivors to offset loss of income due to retirement, death, or 
disability; black lung benefits; and Supplemental Security Income (SSI) payments to the aged, 
blind and disabled. 

SSA also provides support to programs sponsored and administered by other Government 
agencies including Medicare, Energy and Emergency Assistance, Food Stamps for SSI 
Recipients, Refugee Assistance Program and the Repatriated Citizens Loan Program. 

Social Security touches the lives of all Americans, young and old alike. This year over 17 
million people will receive a new or reissued Social Security Card, many of them will be infants. 
Approximately 163 million workers will work in jobs covered by Social Security' provisions for 
Retirement, Survivors & Disability benefits, and more than 54 million individuals will receive 
monthly benefit payments. 

We anticipate that the principal business functions of SSA (e.g., assign social security numbers, 
record annual wages, adjudicate claims for benefits, maintain benefit records, and respond to 
requests for information) will increase over the next decade due to the influx of over 70 million 
baby boomers. Because workloads in most critical areas will increase, SSA will continue to rely 
heavily on increased use of automation. SSA's systems — consisting of hardware, software, 
databases, and telecommunications networks — will be enhanced to satisfy the need for improved 
customer support and to achieve long-range Agency objectives. This is particularly true in the 
Internet environment. 

SSA is committed to improve productivity and customer service quality through technical 
innovation. SSA's deployment of state-of-the-art hardware and software will provide SSA 
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employees with the tools that will allow them to deliver world-class service to citizens. The 
hardware and software technologies from which SSA will be able to choose to reengineer and to 
build the future information systems architecture, presents a major challenge. That challenge 
will be to select the best combination of hardware and software components that will meet the 
information systems requirements of the Agency at a reasonable cost. 

Contractor services under this BPA will include providing expert advice, assistance, and 
guidance in support of SSAs mission oriented business functions, especially those activities 
related to the continued and expanding use of Information Technology (I.T.) products and 
services to meet SSA's growing, complex mission(s). The primary customers of these services 
are SSA component offices responsible for the maintenance, development, and evolution of the 
Agency's information technology and telecommunications capabilities, as well as other offices 
that perform programmatic functions that are greatly impacted by these capabilities. Below are 
the customers within the Agency as well as principal sub components, and their respective 
missions that are affected by the above services: 

B.2.1 The Office of Chief Information Officer's (OCIO) mission is to define the Information 
Technology (IT) vision and strategy for the Social Security Administration, ensuring its 
alignment with the Agency's strategic plan, business strategy, budget, security and 
architecture. In order to carry out this mission, the OCIO works in close collaboration 
with SSA's Offices of Systems; Disability and Income Security; Finance, Assessment and 
Management; Operations and other SSA components as well as with OMB and other 
Federal Agencies. Protecting the information and information infrastructure of SSA is 
the responsibility of the Chief Information Officer and implemented/managed through the 
Office of Information Technology Security Policy. This office is responsible for the 
implementation of an agency- wide IT security program as required by the Federal 
Information Security Management Act (FISMA) and other Federal directives, and is 
responsible for directing and managing SSA's overall information systems security 
program, to protect the availability of SSA's computer systems, the integrity of business 
operations, and the confidentiality of sensitive information. 

B.2.2 Office of Systems (OS) - Within the Office of Systems are several major components, 
each with specific responsibilities. The following components envision using services 
under this BPA: 

B.2.2.1 The Office of the Deputy Commissioner of Systems (ODCS) directs the 

conduct of systems and operational integration and strategic planning processes, 
and the implementation of a comprehensive systems configuration management, 
data base management and data administration program. Initiates software and 
hardware acquisitions for SSA and oversees software and hardware acquisition 
procedures, policies and activities. Directs the development of operational and 
programmatic specifications for new and modified systems, and oversees 
development, validation and implementation phases. 

B.2.2.2 The Office of Applications and Supplemental Security Income Systems 
(OASSIS) directs, develops and coordinates information technology 
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requirements, application programs and management information systems for new 
and modified systems. OASSIS validates computer programs that are part of 
SSA's large, integrated, programmatic systems against user-defined requirements 
and performance criteria, and approves the resulting system for operational 
acceptance. It develops procedures and instructions to support user needs in 
effective implementation of all systems. 

B.2.2.3 The Office of Disability Systems (ODS) supports the Agency's disability 

program by providing customer-focused, state-of-the-art information technology 
service with speed, quality, and creativity. ODS shares responsibility for the 
implementation of SSA's new Intelligent Disability program that will comprise a 
Simplified & Strengthened Architecture, synchronize with Health Information 
Technology advancements, use Intelligent Analysis, expand use of 
Compassionate Allowances, and incorporate External Accesses for data exchange. 
An effort of this magnitude requires very detailed and comprehensive analysis, 
and participation of all stakeholders. Development of an inclusive and 
participatory process is one of the keys to success. Open and frequent 
communications must be employed. Resource needs must be carefully evaluated 
and fully staffed to ensure the success of the various portions of the system. 
Experts in systems development and architecture need to be working closely with 
experts in Disability Determination Service (DDS) business processes, parent 
agency processes, fiscal requirements, health information technology, healthcare 
industry, and other key arenas. Intelligent Disability will require ongoing IT 
expertise and technical support services across several broad categories: IT 
Strategic Planning, IT Systems Analysis, Financial Management Solutions, IT 
Program Management, IT System Security, and Health Information Technology. 

B.2.2.4 The Office of Enterprise Support Architecture & Engineering (OESAE) 

develops, maintains and procures software systems to support SSA's process to 
establish and maintain records of workers' lifetime earnings and employer 
information, and those processes that use earnings information. 

• SSA's enumeration process, Social Security Number verification 
processes and processing of Death Data. 

• Development of Agency- wide management information (MI). 

• SSA's processes that ensure the integrity of its programmatic systems. 

• SSA's ability to measure, control and track its workloads, and 

• Administrative processes (financial, human resource, etc.) that ensure the 
continuity of SSA's operations. 

OESAE also leads the exchange of data with other Federal and State Agencies 
and private organizations; provides security services to OEEAS; and provides a 
wide variety of technology support services to users inside and outside of the 
Office of Systems. 

B.2.2.5 The Office of Retirement and Survivors Insurance Systems (ORSIS) is 
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responsible for both programmatic and management information applications 
through each stage of the systems life-cycle, including: determining automation 
solutions for user needs; developing software specifications; designing and 
developing software programs; testing and validating systems against user- 
defined requirements; conducting post-implementation reviews; implementing 
security standards; and maintaining a comprehensive, updated and integrated set 
of systems requirements, specifications and software documentation. These 
activities support the Nation's Retirement and Survivors Insurance program and 
Medicare enrollment, including initial claims, post-entitlement, payments, audit, 
integrity review, Treasury operations and notices. ORSIS designs, develops, 
coordinates and implements new or redesigned software to meet SSA's 
automation needs in the broad area of Title II programmatic processes for such 
areas as earnings, eligibility/entitlement, pay/computations and debt management. 
The Office is responsible for long-range planning and analysis to modify existing 
systems and define new systems for ORSIS in support of the Agency's mission 
and operational and management information needs. ORSIS evaluates the effect 
of proposed legislation, policies, regulations and management initiatives to 
determine the impact on these systems and develops requirements and procedures 
to implement required changes. 

B.2.2.6 The Office of Systems Electronic Services (OSES) provides American citizens, 
businesses and government with self-service applications that are extremely 
secure, highly rated and easy to use. OSES designs, develops and maintains e- 
Government framework components of the architecture for data interface, 
security, authentication, management information, audit and messaging objects. 
OSES researches, evaluates and analyzes current and emerging technologies 
relevant to SSA's e-Government architecture. 

B.2.2.7 The Office of Telecommunications and Systems Operations (OTSO) is 

responsible for the planning, acquisition, implementation and operation of 
computer systems in support of the Social Security Administration. It provides 
software support, hardware support, telecommunications support, production and 
operations control and integration/environmental testing of IT systems to improve 
and modernize SSA's computer systems. OTSO performs capacity allocation 
analysis, monitors usage and determines future requirements based upon future 
workload information. It develops technical policies and procedures for the 
acquisition of computer systems, software and services in compliance with 
procurement regulations. OTSO also develops policies concerning the security 
and usage of computer systems located at the National Computer Center (NCC). 
OTSO serves as liaison with SSA components, other Government agencies and 
organizations regarding operational and security issues. 

B.2.3 The Office of Retirement and Disability Policy (ORDP) is the organization that directs 
and manages the planning, development, issuance and operational regulations, standards 
and instructions for the Retirement Survivors Insurance (RSI), Disability Insurance (DI), 
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Supplemental Security Income (SSI) and international SSA programs. ORDP's mission 
is to: 

• Develop the Agency's regulations designed to administer all SSA programs. 

• Develop program instructions and forms necessary for the Agency's operating 
personnel to administer all SSA programs, and direct all systems activities 
supporting the Agency's electronic programmatic instructional system. 

• Design and develop initiatives and programs to promote the employment of 
beneficiaries with disabilities. 

• Develop demonstrations and studies, which provide recommendations on 
program improvements. 

• Assess the programmatic policy development processes to identify and 
recommend technology improvements and enhancements, and at the Agency 
level, develop and prioritize technology initiatives and/or funding that impact 
the Agency's programmatic policy development process. 

Within ODRP the Office of Disability Programs plans, develops, evaluates and issues 
substantive regulations, policies, and procedures for the SSA-administered disability 
programs; develops and promulgates policies and guidelines for use by State, Federal or 
private contractor providers which implement the disability provisions of the Social 
Security Act, as amended; evaluates the effects of proposed legislation and legislation 
pending before Congress to determine the impact on the disability programs; and ensures 
that interrelated policy areas are coordinated. 

B.3 Scope 

There are four general areas that task orders will be issued under this BPA: 

1) Strategic Technology Planning 

2) I.T. Project Management Support 

3) I.T. related Business Support Services 

4) Systems Security Advisory Services 

B.3.1 Strategic Technology Planning 

B.3.1.1 Evolution Planning and Analysis - Identify existing or emerging technological 
challenges to satisfy mission goals and objectives. Provide strategic planning 
and guidance on the evolution of business processes and system architectures, 
and the adoption of new technologies. Perform industry analyses through 
research, investigation of best practices and product, price benchmarks, cost 
estimation and modeling. Provide guidance on the evolution of major systems 
architectures and the adoption of new technologies. Develop enterprise 
architecture alternatives and provide support for establishing enterprise 
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technology policies and architectural direction to achieve strategic technology 
best value. 



B.3.1.2 Technology Evaluation Support Services - Perform industry analyses through 
research, investigation of best practices and product and price benchmarks. 
Provide expert technical advice, assistance, and support for evaluating 
appropriate existing and/or emerging technologies, products, and services; 
consider the long-term and broad range needs of the government; develop 
prototypes and conduct proof of concept feasibility studies. Conduct 
independent review and testing of acquired technologies to ensure the 
technical quality and programmatic suitability of delivered systems and 
products. 



B.3.1.3 Project Planning - Develop Project Descriptions, Justifications, Performance 
Goals and Key Measures to ensure project success. 



B.3.2 Information Technology Management Support 

B.3.2.1 Technology Management Support Services - Provide conflict-free advice and 
support for establishing technology policies. Provide architectural direction to 
achieve technology best value. Assist SSA in managing, coordinating, and 
acting as liaison between all parties to ensure program or system success. 

B.3.2.2 Project Management support to Program Offices in all phases of new 

technology establishment including development, acquisition, deployment and 
operations. 

B.3.2.2.1 Resource Management - Provide support in coordinating 

resources and project management activities between multiple 
governmental and private sector stakeholder groups. 

B.3.2.2.2 Performance Management 

B.3.2.2.3 Risk Management - Provide independent analyses and assistance 
in managing risk from existing or new vulnerabilities or from 
adoption of new technologies and processes. Provide analyses 
and assistance in the identification and management of risk in 
existing technological environments as well as risks associated 
with the adoption of new technologies and/or processes. 

B.3.2.2.1 Contract Administration and Service Level Agreement (SLA) 
monitoring 



B.3.2.2 Strategic Information Technology Training- Assist Agency efforts in the 
development and conduct of appropriate training for Agency personnel in 
areas such as strategic management of I.T resources, strategic modeling and 
business planning and high-level I.T. security issues. 



B.3.3 Business Support Services 
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B.3.3.1 Business Decision Support - Provide support in planning for and transition to 
new, updated, and/or modified technologies, systems, and related programs. 
This support shall include Business Process Modeling/ Predictive Modeling 
(using tools and practices such as IBM WBM (WebSphere Business modeler, 
Rational Software Architect and Rational Data Architect, Unified Modeling 
Language (UML), RequisitePro 
B.3.3.1. 1 Modeling "as-is" processes 

B.3.3.1.2 Modeling and benchmarking industry and government "best 
practices" 

B.3.3.1.3 Providing recommendations 

B.3.3.2 Capital Planning Support 

B.3.3.2.1 Cost Benefit Analysis (CBA)- including identification of items 
such as administrative benefits, productivity, and work year 
savings, programmatic savings. CBA activities should include 
the following: 

• Risk- Adjusted Life Cycle Cost Estimates (LCCE) 

• Qualitative Functional Deployment (QFD) in which fully 
monetized benefits could be more precisely identified. 

• Value Measuring Methodology (VMM) compliant with 
guidance from OMB, and prescribed as a best practice by 
the CIO Council. 

B.3.3.2.2 OMB 300 Capital Planning support, including OMB's Enterprise 

Architecture Assessment Framework 
B.3.3.2.3 IT Portfolio Planning Support 

B.3.3.2.4 Electronic Capital Planning and Investment Control (eCPIC) 
support 

B.3.3.2.5 Earned Value Management support 
B.3.3.2.6 OMB Alternatives Analysis 

B.3.3.3 Acquisition Support - Perform analyses and research in support of the 

acquisition of technologies and services. Support development of the full 
range of acquisition and procurement documents such as Statements of Work 
(SOW), evaluation criteria, and independent Government cost estimates. 
When appropriate provide support for vendor selection, including potential 
participation as advisors to or members of evaluation panels. 



B.3.4 Systems Security Advisory Services 

B.3.4.1 Provide ongoing assistance to the Agency CIO and other I.T. security 

components in the development and administration of effective and efficient 

I.T. security polices, metrics, and procedures. 
B.3.4.2 Systems Security Audits, Security Analysis & Report (Certification & 

Accreditation, Security Plans and Self-Assessments). 
B.3.4.3 Independent Validation and Verification - Conduct independent review and 

testing of acquired technologies to ensure the technical quality and 
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programmatic suitability of delivered systems and products. 
B.3.4.4 Perform Risk Analysis, and when appropriate help develop Risk Management, 
Risk Avoidance and Risk Mitigation Strategies. 

B. 4 Place of Performance 

Performance of the tasks under this BPA will be defined at the task order level. Some 
tasks orders may require Contractor travel to remote SSA sites and facilities. All travel 
must be pre-approved by the Government, and will be reimbursed at actual costs in 
accordance with applicable Federal travel regulations and in Section C. 15 of the BPA. 

B. 5 Period of Performance 

Orders may be placed against this BPA for a period up to and including 60 months from 
the award date of this BPA, provided the contractor maintains its current GSA FSS 
contract (including exercised option periods). Individual task orders under this BPA shall 
have individually defined periods of performance, each not to exceed on- year in duration. 

B. 6 Government Furnished Equipment, Workspace, and Information 

SSA will provide space for on-site conferences/meetings between SSA personnel and the 
Contractor Support Services team(s) to facilitate performance of the BPA and its 
individual tasks. If required, Government will provide computer equipment and office 
software normally used by SSA for the purpose of work performed by the Contractor 
under this BPA. Provisioning and coordination of Other Government Furnished 
Equipment (GFE) shall be provided on an as required basis. Information and 
documentation relevant to the specified tasks will be provided or made available as 
appropriate. Furnishing Government information or access to Government systems may 
require Contractor personnel to sign confidentiality and/or non-disclosure agreements. 
The provisioning and coordination of Government Furnished Equipment, Workspace, 
and Information is the responsibility of each task's respective COTR, and shall be 
defined in the documentation provided with each individual task order. 

Other than general office support equipment and software noted above, the Contractor 
shall ensure that personnel working on this order shall have the equipment, software and 
tools routinely used in industry to accomplish their assigned tasks. 

B.7 Deliverables 

All reports or other written deliverables shall be submitted in the format and media specified at 
the task order level. For all deliverables the Contractor shall implement effective document 
management to include version control and comment resolution such that each release has clear 
inventory of comments that were accepted / rejected as part of the version. 

All deliverables will be made available at the place and time and to the COTR (or designee) 
defined in the task order. All work papers and deliverables produced for this project are the 
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property of SSA. Reports and other documents produced under this contract shall be considered 
"sensitive but unclassified" and must be appropriately protected, unless otherwise designated at 
the task order level. 

The task order COTR will have the right to reject or require correction of any 
deficiencies found in deliverables. In the event of rejection of a deliverable, the COTR 
will notify the Contractor in writing as to the specific reason why the deliverable is being 
rejected. Deficiencies (major or minor) are identified as follows: 

• Major revisions include content additions and deletions, substantial 
reorganization of report contents including moving material into 
appendices and attachments, adding explanatory charts and figures, 
replacing several paragraphs that are poorly worded or may be misread, 
and similar corrections. These major corrections shall be made by the 
Contractor within ten working days of notice by the Government. 

• Minor revisions are considered essentially editorial and may be requested 
orally. They include such items as: typographic errors, formatting (e.g. 
failure to use an appropriate table of contents, lack of page numbers and 
dates, graphics too small to be readable), poor writing style and similar. 
These minor editorial corrections shall be corrected by the Contractor 
within five working days of notice by the Government. 
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C.l FAR 52.204-9 -- Personal Identity Verification of Contractor Personnel. (SEPT 2007) 

(a) The Contractor shall comply with agency personal identity verification procedures identified in 
the contract that implement Homeland Security Presidential Directive- 12 (HSPD-12), Office of 
Management and Budget (OMB) guidance M-05-24 and Federal Information Processing Standards 
Publication (FIPS PUB) Number 20 1 . 

(b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to 
have routine physical access to a Federally-controlled facility and/or routine access to a Federally- 
controlled information system. 

C.2 FAR 52.227-22 - Major System - Minimum Rights (Jun 1987) 

Notwithstanding any other provision of this contract, the Government shall have unlimited rights in 
any technical data, other than computer software, developed in the performance of this contract and 
relating to a major system or supplies for a major system procured or to be procured by the 
Government, to the extent that delivery of such technical data is required as an element of 
performance under this contract. The rights of the Government under this clause are in addition to 
and not in lieu of its rights under the other provisions of this contract. 

C.3 Earned Value Management System. 

(The Social Security Administration (SSA) has developed an Earned Value Management System 
(EVMS) for the work to be performed under this BPA. Therefore, the contractor is not required to 
develop an EVMS for this BPA. However, if directed by the Government the Contractor shall be 
required to participate with the SSA's EVMS for the work to be performed under this contract. 

To participate in the SSA's EVMS the contractor shall provide all reports and data requested by the 
Government, and shall ensure that its subcontractors participate in the SSA's EVMS by submittal of 
any required data. Any subsequent changes to the information submitted by the Contractor in 
support of the Agency's EVMS shall require prior written approval of the Contracting Officer. The 
Contractor shall provide access to all pertinent records and data requested by the Contracting 
Officer as necessary to ensure that the Contractor supplied EVMS information conforms with the 
information submission requirements and performance criteria of this BPA. 

C.4 AS 2401 - Protection of Confidential Information (DEC 2008) 

(a) Confidential information, as used in this clause, means information or data, or copies or extracts 
of information or data, that is: (1) provided by the Social Security Administration (SSA) to the 
contractor for, or otherwise obtained by the contractor in, the performance of this contract; and (2) 
of a personal nature about an individual, such as name, home address, and social security number, 
or proprietary information or data submitted by or pertaining to an institution or organization, such 
as employee pay scales and indirect cost rates. 

(b) The Contracting Officer and the Contractor may, by mutual consent, identify elsewhere in this 
contract specific information or categories of information that the Government will furnish to the 
Contractor or that the Contractor is expected to generate which are confidential. Similarly, the 
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Contracting Officer and the Contractor may, by mutual consent, identify such confidential 
information from time to time during the performance of the contract. The confidential information 
will be used only for purposes delineated in the contract; any other use of the confidential 
information will require the Contracting Officer's express written authorization. The Contracting 
Officer and the Contractor will settle any disagreements regarding the identification pursuant to the 
"Disputes" clause. 

(c) The Contractor shall restrict access to all confidential information to the minimum number of 
employees and officials who need it to perform the contract. Employees and officials who need 
access to confidential information for performance of the contract will be determined in conference 
between SSA's Contracting Officer, Contracting Officer's Technical Representative, and the 
responsible Contractor official. Upon request, the Contractor will provide SSA with a list of 
"authorized personnel," that is, all persons who have or will have access to confidential information 
covered by this clause. 

(d) The Contractor shall process all confidential information under the immediate supervision and 
control of authorized personnel in a manner that will: protect the confidentiality of the records; 
prevent the unauthorized use of confidential information; and prevent access to the records by 
unauthorized persons. 

(e) The Contractor shall inform all authorized personnel with access to confidential information of 
the confidential nature of the information and the administrative, technical and physical safeguards 
required to protect the information from improper disclosure. All confidential information shall, at 
all times, be stored in an area that is physically safe from unauthorized access . See paragraph (f) 
below regarding the minimum standards which the safeguards must meet. 

(f) Whenever the Contractor is storing, viewing, transmitting, or otherwise handling confidential 
information, the Contractor shall comply with the applicable standards for security controls that are 
established in the Federal Information Security and Management Act (FISMA) . (These standards 
include those set by the National Institute of Standards and Technology (NIST) via the Federal 
Information Processing Standards (FIPS) publications and NIST Special Publications, particularly 
FIPS 199 , FIPS 200 , and NIST Special Publications - 800 series .) 

(g) If the Contractor, in the performance of the contract, uses any information subject to the 
Privacy Act of 1974, 5 U.S.C. 552a, and/or section 1106 of the Social Security Act, 42 U.S.C. 1306, 
the Contractor must follow the rules and procedures governing proper use and disclosure set forth 

in the Privacy Act, section 1106 of the Social Security Act, and the Commissioner's regulations at 
20 C.F.R. Part 401 with respect to that information. 

For knowingly disclosing information in violation of the Privacy Act, the Contractor and Contractor 
employees may be subject to the criminal penalties as set forth in 5 U.S.C. Section 552(i)(l) to the 
same extent as employees of SSA. For knowingly disclosing confidential information as described 
in section 1106 of the Social Security Act (42 U.S.C. 1306), the Contractor and Contractor 
employees may be subject to the criminal penalties as set forth in that provision. 
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(h) The Contractor shall assure that each Contractor employee with access to confidential 
information is made aware of the prescribed rules of conduct, and the criminal penalties for 
violations of the Privacy Act and/or the Social Security Act. 

(i) Whenever the Contractor is uncertain how to handle properly any material under the contract, 
the Contractor must obtain written instructions from the Contracting Officer addressing this 
question. If the material in question is subject to the Privacy Act and/or section 1 106 of the Social 
Security Act or is otherwise confidential information subject to the provisions of this clause, the 
Contractor must obtain a written determination from the Contracting Officer prior to any release, 
disclosure, dissemination, or publication. Contracting Officer instructions and determinations will 
reflect the result of internal coordination with appropriate program and legal officials. 

(j) Performance of this contract may involve access to tax return information as defined in 26 
U.S.C. Section 6103(b) of the Internal Revenue Code (IRC). All such information shall be 
confidential and may not be disclosed without the written permission of the SSA Contracting 
Officer. For willfully disclosing confidential tax return information in violation of the IRC, the 
Contractor and Contractor employees may be subject to the criminal penalties set forth in 26 U.S.C. 
Section 7213. 

(k) The Government reserves the right to conduct on-site visits to review the Contractor's 
documentation and in-house procedures for protection of and security arrangements for confidential 
information and adherence to the terms of this clause. 

(1) The Contractor must include this clause in all resulting subcontracts whenever there is any 
indication that the subcontractor(s), engaged by the contractor, and their employees or successor 
subcontractor(s) and their employees might have access to SSA's confidential information. 

(m) The Contractor must assure that its subcontractor(s) and their employees or any successor 
subcontractor(s) and their employees with access to SSA confidential information are made aware 
of the prescribed rules of conduct. For knowingly disclosing SSA's confidential information, any 
subcontractor(s) and their employees or successor subcontractor(s) and their employees may be 
subject to criminal penalties as described in section 1 106 of the Social Security Act (42 U.S.C. 
1306) and the Privacy Act (5 U.S.C. 552a). 

C.5 Security Requirements 

All personnel working under the authority of the BPA must have a current level 5C security 
clearance that is approved by SSA or an active 5C security clearance. Clearances granted by 
agencies other than SSA will be considered. 

In the event any contractor personnel does not have a current, SSA- accepted clearance at the time 
of award of the order, those individuals must undergo an appropriate Background Check in 
accordance with SSA's System Security Handbook and Suitability Procedures and the requirements 
of Paragraph B, Security Requirements Clause, below shall apply. 
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C.5.1 AS 0401 Security And Suitability Requirements (JUN 2011) 

a. Acronyms and Definitions 

• Access to a facility, site, system, or information means physical access to any 
Social Security Administration (SSA) facility or site, logical access to any SSA 
information system, or access to programmatic or sensitive information. 

• CO - Contracting Officer 

• Contractor - In this clause, this term means any entity that has a relationship with 
SSA because of this contract. This term includes, but is not limited to, corporations, 
limited liability partnerships, and individuals. 

• CPOC - Company Point of Contact as specified by the contract 

• CPSPM - Center for Personnel Security and Project Management 

• COTR - Contracting Officer' s Technical Representative 

• Contractor Employee - In this clause, this term means a person hired by an SSA 
contractor to provide services in exchange for compensation. 

• PIV - Personal Identity Verification 

• Subcontractor - In this clause, this term means any entity that has a relationship 
with SSA's contractor because of this contract. This term includes, but is not limited 
to, corporations, limited liability partnerships, and individuals. 

• Subcontractor Employee - In this clause, this term means a person hired by a 
subcontractor to provide services in exchange for compensation. 

• eQIP - Electronic Questionnaire for Investigations Processing 

b. Purpose 

This clause provides SSA's policies and procedures concerning the conduct of 
background investigations (i.e. suitability determinations). The purpose of these 
investigations is to determine the suitability of contractors, contractor employees, 
subcontractors, and subcontractor employees who need access to an SSA facility, site, 
system, or information. If applicable, the clause also describes the process to obtain a 
PIV credential. 

c. PIV Credentials 

A PIV credential will be required for: 

o Any contractor, contractor employee, subcontractor, or subcontractor employee 
requiring access to a SSA information system or routine, unescorted access to a 
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SSA facility or site for a period of six months or more. (See Paragraph k. for 
more information.) 

A PIV credential will not be required for: 

o Any contractor, contractor employee, subcontractor, or subcontractor employee 
requiring escorted access to a SSA facility or site for less than six months. 

o Any contractor, contractor employee, subcontractor, or subcontractor employee 
requiring infrequent escorted access to a SSA facility or site, even if the access 
may be longer than six months. For example, contractors or contractor 
employees who provide infrequent facilities/equipment maintenance or repair, 
conduct onsite shredding, etc. 

Please Note : A background investigation is required any time a contractor, contractor 
employee, subcontractor, or subcontractor employee requires any type of access to a 
facility, site, system, or information regardless of whether a credential is required or not. 

The contractor is required to include the substance of this clause in any subcontract 
where subcontractors and subcontractor employees will have similar access as described 
in the preceding paragraphs. However, the contractor is responsible for obtaining all of 
the required forms (see paragraphs g-i) from its subcontractors and the subcontractors' 
employees, reviewing these forms, and submitting them to SSA. Subcontractors and 
subcontractors' employees shall not submit forms directly to SSA. 

d. Authorities 

• Homeland Security Presidential Directive 12 

• Office of Management and Budget Memorandum M-05-24 

• The Crime Control Act of 1990, Public Law 101-647 , subtitle E, as amended by 
Public Law 102-190 (for childcare center security requirements) 

• Executive Orders 10450 and 12968 and Title 5, Code of Federal Regulations 
(CFR), Parts 731 , 732 and 736 (for positions assigned a "National Security" 
designation) 

e. Background Investigation and Adjudication Process 

The background investigation and adjudication processes are compliant with 5 CFR 731. 

f. Listing of Applicants 

Upon award, the CPOC will provide to SSA an applicant listing of all individuals for 
whom the contractor is requesting a suitability determination (i.e., background 
investigation). This listing should include the contractor's name, the contract number, 
the CPOC's name, the CPOC's contact information, each applicant's full name, each 
applicant's Social Security number (SSN), each applicant's date of birth, and each 
applicant's place of birth (must show city and state if born in the United States (U.S.) 
OR city and country if born outside of the U.S.). The background investigation process 
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does not start until the CPOC submits this applicant listing; therefore, the CPOC should 
submit the listing as soon as practical after award. 

Submit the applicant listing via U.S. Mail to the address located in paragraph i. OR via 
fax to 410-966-0640. 

g. Required Forms 

1) eQIP 

SSA will initiate the eQIP process using the applicant listing provided by the CPOC. 
SSA will email notification to the CPOC that each applicant has been invited into the 
eQIP website to electronically complete their background investigation form. The 
CPOC will provide the website to the applicants to complete their eQIP form. The 
applicant will have up to seven (7) calendar days to complete the eQIP form. The 
seven-day timeframe begins once SSA notifies the CPOC of the eQIP invitation(s). The 
applicant must print the signature pages of the form (pages 5 and 6 for Standard Form 
(SF) 85; pages 7-9 for SF 85P), sign the signature pages, and then provide the signed 
originals to the CPOC. 

2) Paper Forms 

• Two (2) Field Division-258 charts, Applicant Fingerprint Chart (The CO will 
provide the FD-258 charts at the time of contract award.) 

NOTE: The contractor will be responsible for obtaining and providing acceptable 
fingerprints for use by SSA. Regardless of the method used to fingerprint 
contractors, contractor employees, subcontractors, or subcontractor employees, 
(electronic capture or ink) the only acceptable fingerprint chart is the FD-258. 

• Optional Form 306, Declaration for Federal Employment 

http://www.opm.gov/forms/html/of.asp 

• Fair Credit Reporting Act Authorization Form 

Federal Investigations Notice: 98-02 

• Original signed and dated eQIP Signature Pages (See paragraph g. 1 above) 

• If the contractor, contractor employee, subcontractor or subcontractor 
employee is not a U.S. Citizen, the individual must provide SSA with a legible 
photocopy of his or her work authorization permit and Social Security card. 

h. Forms Completion 

The CPOC must ensure all paper forms are fully completed and signed prior to 
submission to SSA. The fingerprint charts and all paper forms must be legible or typed 
in black ink and all signatures must be in black ink. There must be no "breaks" in 
residences or employment. SSA requires complete addresses, including zip codes and 
phone numbers. SSA must receive forms within 30 days of signature and date. 
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SSA will return forms not fully completed to the CPOC. To ensure the forms are 
completed correctly, obtain a sample of a properly completed form at the following 
website: http://www.ssa.gov/oag/acq/Sample Security Requirement Docs%20.pdf . 
Access information related to the eQIP process at: e-QIP - Quick Reference Guide for 
the Applicant . 

i. Forms Submission 

The CPOC shall submit one cover sheet to SSA containing the names of all of the 
individuals for whom the contractor is submitting completed paperwork. This cover 
sheet should include the contract number, each applicant's full name, each applicant's 
SSN, each applicant's date of birth, and each applicant's place of birth. Submit this 
cover sheet along with the completed paper forms and two FD-258 fingerprint charts for 
each applicant to: 

SSA 

CPSPM Suitability Team 
6401 Security Boulevard 
Room 1260 Dunleavy Building 
Baltimore, MD 21235 

Simultaneously, the CPOC must submit a copy of the cover sheet ONLY to the 
COTR. 

The CPOC must submit the paper forms at least 15 days prior to the date work is to 
begin. For new contract employees, subcontractors, or subcontract employees (i.e., 
those who had not previously received a suitability determination under this contract) 
who will need access to a SSA facility, site, information, or system, the contractor must 
submit these forms at least 15 days prior to beginning work under the contract. 

j. Suitability Determination 

A Federal Bureau of Investigation fingerprint check will be used as part of the basis for 
making a suitability determination. This determination is final unless information 
obtained during the remainder of the full background investigation, conducted by the 
Office of Personnel Management, is such that SSA would find the individual unsuitable 
to continue performing under this contract. CPSPM will notify the CPOC, COTR, and 
CO of the results of these determinations. 

No contractor, contractor employee, subcontractor, or subcontractor employee will be 
allowed access to a SSA facility, site, information, or system until CPSPM has issued a 
favorable suitability determination for that contractor, contractor employee, 
subcontractor, or subcontractor employee. 

A contractor is not entitled to an equitable adjustment of the contract because of an 
unfavorable suitability determination(s). Additionally, if SSA determines that the 
number or percentage of unfavorable determinations make successful contract 
performance unlikely, SSA may terminate the contract for cause or default. 
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The contractor must notify the contractor employee, subcontractor, or subcontractor 
employee of any unsuitable determinations as soon as possible after receipt of such a 
determination (see paragraph p., below, for an explanation of the appeals process). 

k. Obtaining a Credential 

Note: This section applies only if the contractor, contractor employee, subcontractor, or 
subcontractor employee will have access to a facility, site, system, or information as 
described in the first bullet of paragraph c. 

Once the contractor, contractor employee, subcontractor, or subcontract employee 
receives notification of an acceptable suitability determination, but prior to beginning 
work under the contract, the contractor, contractor employee, subcontractor, or 
subcontract employee must appear at the respective Regional Security Office or at SSA 
Headquarters Parking and Credentialing Office to begin the credentialing process. The 
contractor, contractor employee, subcontractor, or subcontract employee must present 
the suitability determination letter and two forms of identification at this meeting. At 
least one of the forms of identification must be a Government-issued photo identification 
(ID) (please see Employment Eligibility Verification, 1-9 , for acceptable forms of ID). 
For SSA Headquarters access, a completed Form SSA-4395, Application for Access to 
SSA Facilities, signed by the contractor, contractor employee, subcontractor, or 
subcontract employee and the COTR is also required. The COTR will provide the SSA- 
4395 Form to the contractor, contractor employee, subcontractor, or subcontract 
employee when applicable. 

The contractor must contact the COTR to arrange for credentialing. The COTR is 
responsible for scheduling an appointment for contractors, contractor employees, 
subcontractors, or subcontract employees to meet with the appropriate SSA Parking and 
Credentialing Office or Regional Security Office and obtain a credential. Once the 
COTR makes the appointment, the COTR must contact the contractor to inform the 
contractor of the credentialing appointment(s). The COTR must also arrange for the 
contractor, contractor employees, subcontractors, or subcontract employees to be 
escorted (by either the COTR or a COTR's representative) to the appropriate 
credentialing office at the time of this appointment. 

Credentialing appointments last approximately 15 minutes. Depending on a contractor's 
scheduling needs and availabilities, contractor employees, subcontractors, or subcontract 
employees may be scheduled for credentialing all in one day (this process may take a 
few hours to complete, depending on the number of employees that need to be 
credentialed) or contractor employees, subcontractors, or subcontract employees may 
come in at separate times convenient to the individuals' and the COTR's schedules. 

SSA Headquarters' Parking and Credentialing Office representatives can be reached by 
emailing Parking.and.Credentialing@ssa.gov or calling 410/965-5910. 
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Regional Security Office contact information can be found in the AS 0401 Appendix at 
the end of this clause. 

1. Contractors, Contractor Employees, Subcontractors, or Subcontract Employees 
Previously Cleared by SSA or Another Federal Agency 

If a contractor, contractor employee, subcontractor, or subcontract employee previously 
received a suitability determination from SSA or another Federal agency, the CPOC 
should include this information next to the individual's name on the initial applicant 
listing (see paragraph f.). CPSPM will review the information. If CPSPM determines 
another suitability determination is not required, it will provide a letter to the CPOC and 
COTR indicating the contractor, contractor employee, subcontractor, or subcontract 
employee was previously cleared under another Federal contract and does not need to go 
through the suitability determination process again. 

m. Contractor Notification to Government 

The contractor shall notify the COTR and CPSPM within one business day if the 
contractor, contractor employee, subcontractor, or subcontract employee is arrested or 
charged with a crime during the term of this contract, or if there is any other change in 
the status of the contractor, contractor employee, subcontractor, or subcontract employee 
(e.g., the contractor employee leaves the company; the contractor employee no longer 
works under the contract; the alien status of the contractor, contractor employee, 
subcontractor, or subcontract employee changes) that could affect the suitability 
determination for that individual. The contractor must provide in that notification as 
much detail as possible, including, but not limited to: name(s) of individual whose status 
has changed, contract number, the type of charge(s), if applicable, the court date, and, if 
available, the disposition of the charge(s). 

n. Contractor Return of PIV Credential 

The contractor must account for and ensure that all forms of Government-provided 
identification (PIV credential) issued to a contractor, contractor employee, 
subcontractor, or subcontract employee under this contract are returned to SSA's 
Headquarters' Parking and Credentialing Office or Regional Security Office, as 
appropriate, as soon as any of the following occur: when no longer needed for contract 
performance; upon completion of a contractor's, contractor employee's, subcontractor's, 
or subcontract employee's employment; or upon contract completion or termination. 

o. Government Control 

The Government has full control over and may grant, deny, or withhold access to a 
facility, site, system, or information and may remove contractors, or require the 
contractor to remove contractor employees, subcontractors, or require the subcontractor 
to remove subcontractor employees from performing under the contract for reasons 
related to conduct even after the individual has been found suitable to work on the 
contract (see paragraph q. below). 
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p. Appeals Process for Unsuitable Determinations 

If a contractor, contractor employee, subcontractor, or subcontract employee would like 
clarification or wishes to appeal an unsuitable determination, his/her request must be in 
writing and submitted within 30 days of the date of the unsuitable determination. The 
contractor may not file appeals on behalf of its employees, subcontractors, or 
subcontract employees; rather, contractor employees, subcontractors, or subcontract 
employees must file their own individual appeals. 

The request for clarification and/or the appeal can be emailed to SSA at 
dchr.ope.hspdl 2appeals @ ssa.gov , or mailed to: 

Social Security Administration 

Attn: CPSPM Suitability Program Officer 

6401 Security Boulevard 

Room 1260 Dunleavy Building 

Baltimore, MD 21235 

q. Removal From Duty 

SSA may remove a contractor, or request that the contractor immediately remove or 
cause to be removed any contractor employee, subcontractor, or subcontract employee 
from working under the contract based on conduct that occurs after a favorable 
suitability determination. This includes temporarily removing a contract employee, 
subcontractor, or subcontract employee should the individual be arrested for a violation 
of law pending the outcome of any judicial proceedings. The contractor must comply 
with these requests to remove or cause to have removed any contractor employee, 
subcontractor, or subcontract employee. The Government's determination may be made 
based on, but not limited to, incidents involving the misconduct or delinquency as set 
forth below: 

i. Violation of the Rules and Regulations Governing Public Buildings and Grounds, 41 

CFR 101-20.3. This includes any local badging requirements. 

ii. Neglect of duty, including sleeping while on duty; unreasonable delays or failure to 

carry out assigned tasks; conducting personal affairs while on duty; and refusing to 
cooperate in upholding the integrity of SSA's security program. 

iii. Falsification or unlawful concealment, removal, mutilation, or destruction of any 

official documents or records, or concealment of material facts by willful 
omissions from official documents or records. 

iv. Disorderly conduct, use of abusive or offensive language, quarreling, intimidation by 

words or actions, or fighting. Also, participating in disruptive activities that 
interfere with the normal and efficient operations of the Government. 

v. Theft, vandalism, or any other criminal actions. 
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vi. Selling, consuming, possessing, or being under the influence of intoxicants, drugs, or 

substances that produce similar effects. 

vii. Improper use of official authority or credentials. 

viii. Unauthorized use of communications equipment or Government property. 

ix. Misuse of weapon(s) or tools used in the performance of the contract. 

x. Unauthorized access to areas not required for the performance of the contract. 

xi. Unauthorized access to employees' personal property. 

xii. Violation of security procedures or regulations. 

xiii. Prior determination by SSA or other Federal agency that a contractor, contractor 
employee, subcontractor, or subcontract employee was unsuitable. 

xiv. Unauthorized access to, or disclosure of, agency programmatic or sensitive 
information, or Internal Revenue Service Tax Return information. 

xv. Unauthorized access to an agency Automated Information System. 

xvi. Unauthorized access of information for personal gain (including, but not limited to, 
monetary gain), or with malicious intent. 

xvii. Not providing for the confidentiality of and protection from disclosure of 
information entrusted to them. Certain provisions of the following statutes and 
regulations that apply to Federal employees also apply equally to contractors, 
contractor employees, subcontractors, and subcontract employees: 

The Privacy Act of 1974 

The Tax Reform Act of 1976 and the Taxpayer Browsing Protection Act 

of 1997 
SSA regulation 1 

The Computer Fraud and Abuse Act of 1986 
Section 1106 of the Social Security Act 

xviii. Being under investigation by an appropriate authority for violating any of the 
above. 
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AS 0401 Appendix: Regional Security Offices 

Regional Credentialing Contacts for Contractor Employees 
Region 1 - Boston 

Management and Operations Support, Lenny Nyren - 617-565-2840 
Region 2 - New York 

Center for Materiel Resources, Field Services Team, General Office - 212-264-2603 
Region 3 - Philadelphia 

Center for Materiel Resources, Building Management Team, 
General Office - 215-597-8201 

Region 4 - Atlanta 

Center for Security and Integrity, Coleman Wicks - 404-562-1252 
Region 5 - Chicago 

Management and Operations Support, Building Services Unit 
Sharon Young -312 575-4150 
Evelyn Principe - 3 12 575-6342 
Sofia Luna -312 575-5762 

Carlon Brown -312 575-5957 
Cassandra Murphy - 312 575-5067 

Region 6 - Dallas 

Center for Materiel Resources, Employee Relations, Veronica Drake - 214-767-2221 
Region 7 - Kansas City 

Center for Security Integrity, General Office Line - 816-936-5555 
Region 8 - Denver 

Center for Security and Integrity, Phil Mocon - 303-844-4016 
Region 9 - San Francisco 

Center for Security and Integrity, Cassandra Mapp - 510-970-4124 

Region 10 - Seattle 
Center for Security and Integrity 

Lisa Steepleton - 206-615-2186 

D'etteDay -206-615-2149 
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C.6 Designation of Government Contract Specialist 

Melissa Kloman, Contract Specialist, SSA/ OAG (Office of Acquisitions and Grants), OITA 
(Office of Information Technology Acquisition) has been assigned to administer the contractual 
aspects of this agreement. 

Changes in the Scope of Work, contract cost, price, quantity, and quality or delivery schedule shall 
be made only by a warranted Contracting Officer of the Social Security Administration through a 
properly executed modification. 

All correspondence that in any way concerns the terms or conditions of this contract shall be 
submitted directly to the Contract Specialist at the following address: 

Social Security Administration 
Office of Acquisition and Grants 
Attn: Melissa Kloman 
7111 Security Boulevard 
1 st Floor/ Rear Entrance 

Baltimore, Maryland, 21244 
Telephone: (410) 965-59515 

E-Mail: Melissa.Kloman@ssa.gov 

C.7 AS 4202 Designation of Contracting Officer's Technical Representative (COTR), and 
Alternate COTR (MAY 2012) 



The following Contracting Officer's Technical Representative (COTR) and Alternate COTR will 
represent the Government for the purpose of this BPA: 



NAME 


TITLE 

(e.g. 
COTR, or 
Alt. 
COTR) 


ADDRESS 


TELEPHONE 


EMAIL 


Shelly 
Lieberman 


COTR 


Social Security Administration 
Office of Disability Systems 
Contracts Management Staff 
3-R-20, Operations Building 
6401 Security Blvd. 
Baltimore, Maryland 21235 


410-965-3332 


Shelly. Lieberman® ssa.gov 


Cierra 
Moses 


ALT- 
COTR 


Social Security Administration 
Office of Disability Systems 
Contracts Management Staff 
Room 312 Altmeyer Building 
6401 Security Blvd. 
Baltimore, Maryland 21235 


410-965-6893 


Cierra.Moses @ ssa.gov 
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The COTR or Alternate COTR may not re-delegate the authority outlined in this clause, or the 
authority specified within their COTR designation letters. 

The COTR is responsible for the following general duties: 

(1) Monitoring the contractor's technical progress, including the surveillance and assessment of 
performance and recommending to the Contracting Officer (CO) changes in requirements; 

(2) Interpreting the statement of work (SOW), statement of objective (SOO), or performance 
work statement (PWS), and any other technical performance requirements; 

(3) Performing technical evaluation of requirements as required; 

(4) Performing technical inspections and acceptances required by this BPA; 

(5) Assisting in the resolution of technical problems encountered during performance; 

(6) Certifying invoices or vouchers for payment by confirming the receipt of goods and/or 
services at the contracted price/costs; and 

(7) Initiating a Contractor Performance Assessment Report (CPAR) within 30 days after 
electronic notification that a CPAR is required. 

The alternate COTR is responsible for carrying out the duties of the COTR only in the event the 
COTR can no longer perform his or her duties as assigned, or is unavailable. 

The COTR, Alternate COTR, and Task Manager (TM)(if applicable) are the only Government 
employees authorized by the CO to perform certain functions of the BPA. The COTR and 
Alternate COTR are authorized to perform the functions listed above, and may provide the 
technical direction described below. However, if the BPA calls for the designation of a TM, see 
Section C.7.1 Agency Specific clause 4203, Designation of Task Manager for the authority, 
responsibilities, and limitations of the TM at the task level. 

The CO is the only person with authority to act as agent of the Government under this BPA. Only 
the CO has authority to: 

(1) Direct or negotiate any changes in the SOW, SOO, or PWS; 

(2) Modify or extend the period of performance; 

(3) Change the delivery schedule; 

(4) Authorize reimbursement to the Contractor for any costs incurred during the performance of 
this BPA; or 

(5) Otherwise, change any terms and conditions of this BPA. 

At any time during performance of this BPA, the CO may unilaterally remove or replace the COTR 
or Alternate COTR. 

The CO will provide written notice, transmitted electronically as an attachment to an email, or 
through standard mail carrier, to the contractor, of such designation, or any change thereto, within a 
reasonable amount of time after award, or after notification of a change is necessary. The 
designation letter sets forth the specific authorities, responsibilities, and limitations of the COTR, or 
Alternate COTR under this BPA. 
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Performance of work under this BPA shall be subject to the technical direction of the COTR. The 
term "technical direction" is defined to include, without limitation (except as specified in the COTR 
designation letter), the following: 

(a) Directions to the Contractor, on other than firm- fixed-price contracts, which redirect the 

contract effort, shift work emphasis between work areas or tasks, require pursuit of 
certain lines of inquiry, fill in details or otherwise serve to accomplish the contractual 
SOW; 

(b) Provisions of information to the Contractor, which assists in the interpretation of drawings, 

specifications, or technical portions of the work description; 

(c) Review and, where required by the BPA, approval of technical reports, drawings, 

specifications, and technical information to be delivered by the Contractor to the 
Government under the BPA. 

Technical direction must be within the general scope of the SOW, SOO, or PWS stated in Section B 
of this BPA. The COTR does not have the authority to and may not issue any technical direction 
that affects price, quality, quantity, delivery, or other terms and conditions of the BPA. 

All technical direction will be issued in writing by the COTR or shall be confirmed by the COTR in 
writing within five working days after issuance. 

The Contractor shall proceed promptly with the performance of technical direction duly issued by 
the COTR in the manner prescribed by this clause and within the COTR's authority under the 
provisions of this clause. 

If, in the opinion of the Contractor, any instruction or direction issued by the COTR falls outside 
the authority of the COTR, the Contractor shall not proceed. In this case, the Contractor shall 
notify the CO, or designated Contract Specialist in writing, within five working days after receipt of 
any such instruction or direction and shall request the CO modify the BPA accordingly. Upon 
receiving such notification from the Contractor, the CO shall issue an appropriate modification to 
the BPA, or advise the Contractor, in writing, that, the technical direction is within the scope of this 
clause and does not constitute a change under the "Changes" clause of this BPA. The Contractor 
shall proceed immediately with the direction given. A failure of the parties to agree upon the nature 
of the instruction or direction, or upon the action to be taken with respect thereto, shall be subject to 
the "disputes" clause of the BPA. 
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C.7.1 AS 4203 Designation of Task Manager (TM) (MAY 2012) 

This BPA requires the designation of a TM: 
[Check one] 

At the contract level for one or more contract task(s). The Contracting Officer (CO) will name 

the TM in the CO's designation memorandum, which will specify the contract task(s) and TM's 
associated authority, responsibilities, and limitations; or 

X At the order level. The CO will name the TM in the CO's designation memorandum, which 
will specify the task(s) per order and the TMs associated authority, responsibilities, and 
limitations. 

The TM may not re-delegate the authority outlined in this clause, or the authority specified within 
his or her designation memorandum issued by the CO. 

The TM is responsible for assisting the contracting officer's technical representative (COTR) in the 
technical monitoring and administration of the task(s) specified within the TM's designations 
memorandum through performance and closeout. For example, the TM may be responsible for the 
following general duties per task(s): 

(8) Monitoring the contractor's technical progress, including the surveillance and assessment of 
performance and recommending to the COTR changes in the task(s) requirements; 

(9) Interpreting the statement of work (SOW), statement of objective (SOO), or performance 
work statement (PWS), and any other technical performance requirements as it relates to his 
or her designated task(s); 

(10) Performing technical evaluation of requirements as required; 

(11) Performing technical inspections and acceptances of deliverables under the task(s); 

(12) Assisting in the resolution of technical problems encountered during performance of 
the task(s); 

(13) Reviewing invoices or vouchers to ensure they accurately reflect work completed 
per requirements of the task(s); and 

(14) Completing a Contractor Performance Assessment Report (CPAR) within 30 days 
after electronic notification that a CPAR is required. 

The CO is the only person with authority to act as agent of the Government under this BPA. Only 
the CO has authority to: 

(6) Direct or negotiate any changes in the SOW, SOO, or PWS; 

(7) Modify or extend the period of performance; 

(8) Change the delivery schedule; 

(9) Authorize reimbursement to the Contractor for any costs incurred during the performance of 
this BPA; or 

(10) Otherwise, change any terms and conditions of this BPA. 
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At any time during performance of this BPA, the CO may unilaterally remove or replace the TM. 

The CO will provide written notice, transmitted electronically as an attachment to an email, or 
through standard mail carrier, to the contractor, of such designation, or any change thereto, within a 
reasonable amount of time after award, or after notification of a change is necessary. The 
designation memorandum sets forth the specific authorities, responsibilities, and limitations of the 
TM for each associated task(s) under this BPA. 

Performance of work under the specified tasks shall be subject to the technical direction of the TM. 
The term "technical direction" is defined to include, without limitation (except as specified in the 
TM designation memorandum), the following: 

(d) Directions to the Contractor, on other than firm-fixed-price contracts, which redirect the 
contract effort, shift work emphasis between work areas or tasks, require pursuit of 
certain lines of inquiry, fill in details or otherwise serve to accomplish the contractual 
SOW; 

(e) Provisions of information to the Contractor, which assists in the interpretation of 
drawings, specifications, or technical portions of the work description; 

(f) Review and, where required by the BPA or [task], approval of technical reports, 
drawings, specifications, and technical information to be delivered by the Contractor to 
the Government under the BPA. 

Technical direction for the task(s) must be within the general scope of the SOW, SOO, or PWS 
stated in BPA SS00-08-40029 of this BPA. The TM does not have the authority to and may not 
issue any technical direction that affects price, quality, quantity, delivery, or other terms and 
conditions of the BPA. 

All technical direction will be issued in writing by the TM, or shall be confirmed by the TM in 
writing within five working days after issuance. 

The Contractor shall proceed promptly with the performance of technical direction duly issued by 
the TM in the manner prescribed by this clause and within the COTR's, or TM's authority under the 
provisions of this clause. 

If, in the opinion of the Contractor, any instruction or direction issued by the TM falls outside the 
authority of the TM, the Contractor shall not proceed. In this case, the Contractor shall notify the 
COTR. The COTR will either resolve the issue, or forward the issue to the CO or designated 
Contract Specialist for resolution per Section C7 AS 4202 Designation of Contracting Officer's 
Technical Representative (COTR), and Alternate COTR. 
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C.8 Designation of Contractor's Program Manager 

The performance of the work required by this BPA shall be conducted under the direction of the 
Contractor's Program Manager listed below. The Government reserves the right to disapprove any 
successor to the Contractor's Program Manager listed below. 



NAME: 


Marc Tate, Program Manager 


TELEPHONE NUMBER: 


703-902-5094 




NAME: 


Sean Wardlow, Deputy Program Manager 


TELEPHONE NUMBER: 


703-377-1668 



C.9 Designation of Contractor's Key Personnel 

SSA has determined that the position descriptions listed below are, or may contain labor categories 
that are, essential or "key" to the work being performed under this BPA. The Government reserves 
the right to disapprove any successor to the Contractor's Key Personnel listed below. 



NAME: 


Anthony P. Harris, Senior Associate 


JOB DESCRIPTION: 


Senior Task Lead 


TELEPHONE NUMBER: 


301-543-4440 




NAME: 


Laura Treat Bulebush, Lead Associate 


JOB DESCRIPTION: 


Functional Specialist 


TELEPHONE NUMBER: 


703-909-3671 
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C.10 Designation of Contractor's BPA Administrator 

The Contractor's representative responsible for handling BPA administration is: 



NAME: 


Jordan Green 


TELEPHONE NUMBER: 


301-444-4271 


ADDRESS: 


One Preserve Parkway 
Rockville, MD 20852 



C.ll 2402 Protecting and Reporting the Loss of Personally Identifiable Information: 
Responsibilities Concerning Individual Employees - Alternate I (DEC 2008) 

1. Definitions 

The following terms are defined for the purposes of this clause: 
"Agency" means the Social Security Administration (SSA). 

"Employee(s)" means an individual(s) employed, including, for the purposes of this clause, 
management officials, by either the Contractor or subcontractor that are working under this contract. 

"Handling PII" means having access, either currently or in the future, to personally 
identifiable information (PII), as defined in this clause. 

"Lost, compromised, or potentially compromised PII" means that, while the 
Contractor/employee is in possession of PII, the PII has become physically missing (e.g., it has 
been stolen) or has been otherwise breached so that persons other than authorized users, and for 
other than an authorized purpose, have access or potential access to the PII, regardless of the form 
(e.g., electronic or physical) in which it was stored. Indications of lost, compromised, or potentially 
compromised PII include missing equipment (e.g., laptops and removable storage devices such as 
USB flash or "thumb" drives, CDs, DVDs, etc.) and/or paper documents potentially containing PII, 
as well as actions where PII was emailed in violation of the terms contained in Section 2.(d), 
Emailing PII, below. 

"Personally Identifiable Information" (PII): SSA follows the definition of PII provided by 
the Office of Management and Budget in OMB Memorandum OMB M-07-16 : "The term 
'personally identifiable information' refers to any information which can be used to distinguish or 
trace an individual's identity, such as their name, Social Security number, biometric records, etc. 
alone, or when combined with other personal or identifying information which is linked or linkable 
to a specific individual, such as date and place of birth, mother's maiden name, etc." Other 
examples of PII may include, but are not limited to: Social Security benefit data, official State or 
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government issued driver's license or identification number, alien registration number, government 
passport number, employer or taxpayer identification number, home address, and medical 
information. Within this clause, "PIT" shall specifically mean PII as defined above which: (1) SSA 
has a primary responsibility for and/or interest in protecting; and (2) is made available or becomes 
accessible to the Contractor and/or any subcontractor, including their respective employees, as a 
result of performing under this contract (e.g., under the contract, SSA directly furnishes PII to the 
Contractor/subcontractor, or the Contractor/subcontractor, in order to perform its duties under the 
contract, collects PII from outside sources, such as in a public survey) . Within this definition, 
specific designations of PII under this contract have been identified in the exhibit attached to this 
clause (Attachment B). 

"Secure Area" or "Secure Duty Station" means, for the purpose of this clause, either of the 
following, unless SSA expressly states otherwise on a case-by-case basis: (1) an employee's 
official place of work that is in the Contractor's or subcontractor's established business office in a 
commercial setting, OR (2) a location within SSA or other Federal- or State-controlled premises. A 
person's private home, even if it is used regularly as a "home office" (including that of a Contractor 
or subcontractor management official), shall not be considered a secure area or duty station. 

2. Employee Responsibility in Safeguarding PII 

The Contractor shall establish, maintain, and follow its own policy and procedures to protect 
PII, including those for reporting lost or compromised, or potentially lost or compromised, PII (see 
Section 4. (a), below). The Contractor shall inform its employees handling PII of their individual 
responsibility to safeguard it. In addition, the Contractor shall, within reason, take appropriate and 
necessary action to: (1) educate employees on the proper procedures designed to protect PII, as 
described below and as otherwise approved by the Agency; and (2) enforce their compliance with 
the policy and procedures prescribed as follows: 

(a) General. Employees shall properly safeguard PII from loss, theft, or inadvertent 
disclosure. Employees are responsible for safeguarding this information at all times, regardless of 
whether or not the employee is at his or her regular duty station. Examples of proper safeguarding 
include, but are not limited to: maintaining the confidentiality of each employee's individual 
password (by not sharing the password with any other individual or entity and not writing it down); 
verifying the identity of individuals before disclosing information to them; preventing others in the 
area from viewing PII on one's computer screen; consistently locking or logging off one's 
workstation when one is away; and ensuring that PII is appropriately returned or, upon receiving 
SSA's approval, destroyed when no longer needed. 

(b) Transporting PII Outside a Secure Area/Secure Duty Station. Note : The term 
"transporting" used here does not include shipping by a common or contract carrier, as defined in 
FAR 47.001 , or by the U.S. Post Office. Terms and conditions regarding shipping of PII will be 
specified in each specific task order, if applicable. 

(1) Employees shall make every reasonable effort to safeguard equipment, files, or 
documents containing PII when transporting information from a secure area/secure duty station. 
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Employees must ensure that the laptops and other electronic devices/media being used to transport 
PII are encrypted and password protected. The Contractor shall make every reasonable effort to 
ensure that the encryption and password protection are in accordance with any SSA-prescribed 
standards or policies which shall be communicated separately from this clause. The standards and 
policies can be found in the Information Systems Security Handbook located at 
http://eis.ba.ssa.gov/ssasso/issh. Employees must use reasonable protection measures when 
transporting PII, e.g., storing files in a locked briefcase, not leaving files and/or equipment in plain 
view. 

(2) Employees transporting PII, including transporting PII duplications, such as electronic 
copies and photocopies, from their secure duty station or an otherwise secured area to an unsecured 
area shall obtain prior approval in accordance with the Contractor's established policy. The 
Contractor shall provide employees with contact information and instructions based on the 
Contractor's security/PII loss incident policy and procedures. ( NOTE : Agency-prescribed contact 
information and instructions for reporting lost or possibly lost PII are discussed in Section 3. 
below .) 

(3) Tracking files. 

Unless the PII is being transported for disposal pursuant to the contract, (see (c) below), the 
Contractor shall, within reason, take appropriate and necessary action to ensure that the file(s) or 
document(s) being physically transported or transmitted electronically outside the secure 
area/secure duty station are tracked through a log: they must be logged out prior to transport as 
well as logged back in upon return. The Contractor can establish any mechanism for tracking as 
long as the process, at a minimum, provides for the following information to be logged: 

• first and last name of the employee taking/returning the material; 

• the name of the file or document containing PII that he/she intends to transport 
from the office; 

• all the forms or media in which the PII was transported (e.g., electronic, such as 
laptop, thumb drive, CD — be as specific as possible; paper, such as paper file 
folders or printouts); 

• the reason he/she intends to transport the file or document containing PII; 

• the date he/she transported the file or document containing PII from the secure 
duty station; and 

• the date he/she returned the file or document containing PII to the secure duty 
station. 

Materials must be returned or documented as destroyed within 90 days of removal from the 
office or have Contractor supervisory approval for being held longer. 

The log must be maintained in a secure manner. Upon request by the Agency, the 
Contractor shall provide the information from the log in a format (e.g., electronic or paper) that can 
be readily accessed by the Agency. 
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(c) Employee Disposal ofPII. The marked statement below applies to this contract: 

[ S ] This contract entails employee disposal of PII. Employees shall follow the procedures 
described in each Task Order when applicable. 

[ ] This contract does not entail employee disposal of PII. The Contractor shall, within 
reason, take appropriate and necessary action to ensure that the procedures detailed in (3) above 
pertaining to the logging of PII that is transported outside a secure area/from their secure duty 
station are followed. 

(d) Emailing PII. The Contractor's corporate or organizational email system is deemed not 
to be secure. Therefore, the Contractor shall put policies and procedures in place to ensure that its 
employees email PII using only the following procedures in (l)-(2), below: 

(1) Sending from an SSA email address. If employees have been given access to the SSA 
email system, they may use it to send email messages containing PII in the body or in an 
unencrypted attachment but only to other SSA email addresses (which contain the "name 
@ ssa.gov" format) or to email addresses belonging to an SSA-certified email system. Email 
directed to any other address(es) may contain PII only if the PII is entirely contained in an 
encrypted attachment . 

(2) Sending from a non-SSA email system. If employees are using the Contractor's own or any 
other non-SSA email system (e.g., Yahoo!, Gmail), they may send email messages transmitting PII 
only if the PII is entirely contained in an encrypted attachment ; none of the PII may be in the body 
of the email itself or in an unencrypted attachment. When emailing from such systems, this 
procedure applies when emailing PII to any email address, including but not limited to, an SSA 
email system address. Unless specifically noted otherwise, the Contractor and its employees are 
expected to conduct business operations under this contract using the Contractor's own email 
system, i.e., in accordance with the foregoing rules for transmitting PII. 

3. Agency-Prescribed Procedures for Reporting Lost, Compromised, or Potentially Compromised 
PII. 

"Lost, compromised, or potentially compromised PII" is defined in Section 1., above. The 
reporting requirement established in this section is for reporting all incidents involving PII, with no 
distinction between suspected and confirmed breaches . 

SSA has its own reporting requirements for PII that is lost, compromised, or potentially 
compromised. The purpose of this section is to ensure that these requirements are met and that 
incident information is shared appropriately. 

(a) Contractor Responsibility. In addition to establishing and implementing its own 
internal procedures referenced in Section 2., above, the Contractor is responsible for taking 
reasonable actions to implement Agency-prescribed procedures described in (c) below for reporting 
lost, compromised, or potentially compromised PII. These include educating employees handling 
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PII about these procedures and otherwise taking appropriate and necessary steps to enforce their 
compliance in carrying them out. 

(b) Potential Need for Immediate, Direct Reporting by the Employee . SS A recognizes that 
Contractor employees will likely make the initial discovery of a PII security breach. When an 
employee becomes aware or suspects that PII has been lost or compromised, he/she is required to 
follow the Contractor's established security/PII loss incident reporting process (see Section 4. (a), 
below). The Contractor's reporting process, along with SSA's (see Section 3. (c) below), shall 
require the Contractor, and not necessarily the employee, in such circumstances to notify SSA of 
the incident. However, the Contractor shall inform each employee handling or potentially handling 
PII that he/she must be prepared to directly notify outside authorities immediately as described in 
(c)(4) below, if, shortly following the incident or discovery of the incident, he/she finds it evident 
that neither an appropriate Contractor nor SSA manager/contact can be reached. The Contractor 
should emphasize to the employee that timeliness in reporting the incident is critical. 

(c) Procedures. 

(1) When an employee becomes aware or suspects that PII has been lost, compromised, or 
potentially compromised (see 1. Definitions, above), the Contractor, in accordance with its incident 
reporting process, shall provide immediate notification of the incident to the primary SSA contact. 
If the primary SSA contact is not readily available, the Contractor shall immediately notify one of 
two SSA alternates, if names of alternates have been provided. (** See Attachment A for the 
identity of the designated primary and alternate SSA contacts .**) The Contractor shall act to 
ensure that each employee, prior to commencing work on the contract, has been given information 
as to who the primary and alternate SSA contacts are and how to contact them. In addition, the 
Contractor shall act to ensure that each employee promptly receives any updates on such 
information as they are made available. Whenever the employee removes PII from a secure 
area/secure duty station, he/she must comply with the Contractor's security policies, including 
having on hand the current contact information for the primary SSA contact and the two alternates. 

(2) The Contractor shall provide the primary SSA contact or the alternate, as applicable, 
updates on the status of the reported PII loss or compromise as they become available but shall not 
delay the initial report. 

(3) The Contractor shall provide complete and accurate information about the details of the 
possible PII loss to assist the SSA contact/alternate, including the following information: 

I. Contact information; 

EE. A description of the loss, compromise, or potential compromise (i.e., nature of 
loss/compromise/potential compromise, scope, number of files or records, type of 
equipment or media, etc.) including the approximate time and location of the loss; 

III. A description of safeguards used, where applicable (e.g., locked briefcase, redacted 
personal information, password protection, encryption, etc.); 

IV. An identification of SSA components (organizational divisions or subdivisions) 
contacted, involved, or affected; 

V. Whether the Contractor or its employee has contacted or been contacted by any 
external organizations (i.e., other agencies, law enforcement, press, etc.); 
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VI. Whether the Contractor or its employee has filed any other reports (i.e., Federal 
Protective Service, local police, and SSA reports); and 

VII. Any other pertinent information 

The Contractor shall use the worksheet (or a copy thereof) following this clause to quickly 
gather and organize information about the incident. 

(4) There may be rare instances outside of business hours when the Contractor is unable to 
reach either the primary SSA contact or any of the alternates immediately. In such a situation, the 
Contractor shall immediately call SSA's Network Customer Service Center (NCSC) at 410-965- 
7777 or toll free at 1-888-772-61 1 1 to file the initial report directly, providing the information in 
(c)(3) above and completing the attached worksheet to the best of its ability. Overall, during this 
time, the Contractor shall cooperate as necessary with the NCSC or any of the other external 
organizations described in (c)(3) above. 

The Contractor shall document the call with the CAPRS (Change, Asset, and Problem 
Reporting System) number which the NCSC will assign. The Contractor shall provide the CAPRS 
number to the primary SSA manager, or, if unavailable, one of the alternates to this manager as 
described above. 

If an employee initially detects the loss, compromise, or potential compromise of PII and 
finds it evident that neither an appropriate Contractor nor SSA manager/contact can be promptly 
reached, the employee shall undertake the foregoing actions prescribed to the Contractor in this part 
(i.e., immediately call the NCSC, document the CAPRS number assigned to the call, etc.). 
(Reference Section 3.(b) above.) 

(5) The Contractor and its employee(s) shall limit disclosure of the information and details 
about an incident to only those with a need to know. The security/PII loss incident reporting 
process will ensure that SSA's reporting requirements are met and that security/PII loss incident 
information is only shared as appropriate. 

4. Additional Contractor Responsibilities When There Is a Loss of PII. 

(a) The Contractor shall have a formal security/PII incident reporting process in place that 
outlines appropriate roles and responsibilities, as well as the steps that must be taken, in the event of 
a security/PII loss incident. The plan shall designate who within the Contractor's organization has 
responsibility for reporting the loss, compromise, or potential compromise of PII to SSA. 

(b) In the event of a security/PII loss incident, the Contractor shall take immediate steps to 
address consequential security issues that have been identified, including steps to minimize further 
security risks to those individuals whose personal information was lost, compromised, or potentially 
compromised. 

(c) The Contractor shall confer with SSA personnel in reviewing the actions the Contractor 
has taken and plans to take in dealing with the incident. 
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(d) The Contractor shall bear the responsibility and any cost for any data breach and/or 
remediation actions that might arise from the security/PII loss incident. If SSA determines that the 
risk of harm requires notification of affected individual persons of the security breach and/or other 
remedies, the Contractor shall carry out these remedies without cost to SSA. 

5. Applicability of this Clause to Subcontractors/Subcontractor Employees 

(a) The Contractor shall include this clause in all resulting subcontracts whenever there is 
any indication that the subcontractor and their employees, or successor subcontractor(s) and their 
employees, will or might have access to PH. 

(b) The Contractor shall, within reason, take appropriate and necessary action to assure SSA 
that its subcontractor(s) and their employees, or any successor subcontractor(s) and their employees, 
with access to PII know the rules of conduct in protecting and reporting the loss or suspected loss of 
PII as prescribed in this clause, such as those regarding the emailing of PII as stated in Section 2.(d) 
above. 

(c) Notification of Subcontractor Handling of PII. If the Contractor engages a 
subcontractor under this contract whose employee(s) will actually or potentially be given or have 
access to PII, the Contractor shall do the following: (1) Notify in advance both the SSA COTR and 
the Contracting Officer of this arrangement, providing the subcontractor name(s) and address(es) 
and, upon request, a description of the nature of the PII to which the employee(s) will actually or 
potentially be given/have access (e.g., phone numbers, Social Security numbers); and 

(2) Provide the SSA Contracting Officer's Technical Representative (COTR) the names of 
the subcontractor employee(s) who will actually or potentially be assigned and/or have access to the 
PII. The Contractor may satisfy this requirement when submitting the name(s) of the subcontractor 
employee(s) to the SSA COTR for the requisite security background check described in Section 6., 
below. 

6. Contractor/Subcontractor Background Checks - Security & Suitability Requirements Clause 

For each Contractor and subcontractor employee handling PII, the Contractor shall fulfill 
the requirements of the Security & Suitability Requirements Clause, found elsewhere in this 
contract, to ensure that any such individual has the appropriate background checks. 
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C.12 AS 3201 INVOICE SUBMISSION AND PAYMENT RELATED INFORMATION 
(DEC 2011) 

The invoice shall include all elements of a proper invoice as defined in the invoice or payment 
clause used in this award and any other information required below or in any other contract clause. 
To assist the Government in making timely payments, include the contractor's Taxpayers 
Identification Number, Data Universal Numbering System number, contract, and the Order Number, 
if any, on each invoice. 

Facsimile (Fax) communication is the preferred method of submission for invoices and public 
vouchers, because the invoice will be received directly into the SSA payment system. If the 
invoice cannot be faxed, submit it electronically via email, by regular mail, or by hand carrying it to 
the Office of Finance at the address below. 

If submitting by fax, use any one of the following fax numbers: 

410 965-8209 
410 965-8251 
410 965-8200 
410 965-8216 
410 966-5425 
410 966-9940 
410 965-3734 
410 965-7533 

If submitting electronically: 

Submit the invoice either as an attachment to an email message, or within the message itself, to: 
OTAPS.DAPS.Invoices@ssa.gov. 

If sent by mail, submit an original and three (3) copies of the invoice to: 

Social Security Administration 
Office of Finance 
Post Office Box 47 
Baltimore, Maryland 21235-0047 

If hand carried, deliver to: 

Social Security Administration 
Office of Finance 
Customer Service Help Desk 
2-B-4 East Low Rise Building 
6401 Security Boulevard 
Baltimore, Maryland 21235-0047 

The telephone number of the finance customer service help desk is (410) 965-0607. 
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The Government will make payment to the Contractor using the Electronic Funds Transfer (EFT) 
information contained in the Central Contractor Registration (CCR) database. In the event that the 
EFT information changes, the Contractor shall be responsible for providing the updated information 
to the CCR database. The EFT information submitted must be that of the contractor unless there is 
an official Assignment of Claims on file with the Office of Finance. 

Remittance information associated with EFT payments is available via the Internet Payment 
Platform (IPP) on the Department of Treasury's Internet site at http://www.ipp.gov. 

The Contractor may also direct payment inquiries to SSA's Office of Finance by: 

* Using its Financial Interactive Voice Response System (FIVR). FIVR is an automated self- 
service telephone system available 24 hours a day that allows direct electronic access to 
administrative payment information using the telephone keypad. The contractor can access FIVR 
by calling (410) 965-0607. The services available through FIVR are available through a 
Telecommunications Device for the Deaf (TDD) Line at 410-597-1395. Customer Service 
Representatives will be available to answer vendor payment inquiries Monday - Friday, between 8 
a.m. and 4:30 p.m., Eastern Time. 

* By sending an email to payment.inquiries@ssa.gov, or visiting the internet site at 
http://www.socialsecurity.gov/vendor/contact.htm. The contractor can also access the IPP system 
through a link on this site. 



Note: Other appropriate and necessary clauses may be added to govern the performance of 
specific task orders over the life of this BPA. 

C.13 Travel Regulations 

Travel costs will be defined when BPA Calls are issued and will be reimbursed at actual costs in 
accordance with applicable Federal travel regulations. 

C.14 0402 Federal Information Security Management Act (FISMA) and Agency Privacy 
Management (OCT 2008) 

1. Definitions 

The following terms are defined for the purposes of this clause: 
'Agency" means the Social Security Administration (SSA). 
"OAG" means the Office of Acquisition and Grants at SSA. 
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2. Agency Responsibility related to FISMA Training Requirements 

The Federal Information Security Management Act of 2002 (FISMA) (Title III, Pub. L. No. 107- 
347) and the Office of Management and Budget (OMB) policy (through Circular A- 130, Appendix 
III) require that all Agency employees, as well as contractor and subcontractor employees working 
under Agency service contacts, receive periodic training in computer security awareness and 
accepted computer security practice of all employees, including contractors. This includes training 
for contractor personnel who do not have access to electronic information systems. The training 
level is tailored to the risk and magnitude of harm related to the required activities. 

SSA's Security Awareness bulletin adequately covers the required IT security and privacy 
awareness training for this contract. The bulletin is located on OAG's internet site (see information 
in Paragraph 3 below). This training does not preclude any additional training specified elsewhere 
in this contract. 

3. Contractor Responsibilities related to FISMA Training Requirements 

a. Following contract award, the contractor shall ensure that all contractor employees performing 
under this contract have signed the security bulletin entitled "SSA Security Awareness: Contractor 
Personnel Security Confirmation." This requirement also applies to contractor employees added to 
the contract after contract performance has commenced. A copy of this form is located on OAG's 
Internet website. 

b. The contractor must receive signed copies of the bulletin from each employee working under the 
contract within 45 days following contract award, or within 45 days after a contractor employee 
begins working under the contract. 

c. The contractor shall send an email to security.awareness.training@ssa.gov, with a copy to the 
contracting officer, within 60 days following contract award and anytime a new contractor 
employee is added to perform work under the contract. The contractor will include in the email the 
number of employees who have signed the security awareness bulletin. 

d. The contractor shall retain copies of these signed bulletins for potential future SSA audits for a 
period of three years after final payment (per FAR 4.703). 

e. For each successive year the contract is in operation, the contractor shall repeat the processes 
described in items 3. a. - d., above, on an annual basis. The contractor must submit the information 
in 3.c, above, within 60 days of: (i) the date the option was renewed, or (ii) the anniversary of the 
contract award date. 

4. Applicability of this Clause to contractor/subcontractor employees 

The contractor is required to include a clause substantially the same as this in all subcontracts 
awarded for technical or support services under the prime contract. This clause shall require the 
subcontractors to report the information listed in Paragraph 3 of this clause to the contractor and the 
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contractor will be responsible for reporting all applicable numbers to SSA. The subcontractor shall 
be responsible for maintaining its signed forms as detailed in Paragraph 3.d. 

C.15 Organizational Conflict of Interest 

(1) Purpose: The primary purpose of this clause is to aid in ensuring that the Contractor: (A) 
does not obtain any unfair competitive advantage over other parties by virtue of its 
performance of this contract; and (B) is not biased because of its current or planned interest 
(financial, contractual, organizational, or otherwise) which relates to the work under this 
contract. 

(2) Scope: The term "Contractor" means any person, firm, unincorporated association, joint 
venture, partnership, corporation, wholly owned or controlled subsidiaries or affiliate 
thereof, any tier subcontractor, or their successors in interest in the activities covered by this 
as a prime contractor, subcontractor, consultant or in any similar capacity. 

(3) Subcontracts: The Contractor shall include this, including this paragraph, in subcontracts of 
any tier which involve the performance of work under this contract as specified in paragraph 
(4) below, or which involve access to information, also covered in paragraph (4) below. The 
use of this in such subcontracts shall be read by substituting the word "Subcontractor" for 
the word "contractor" wherever the word "contractor" appears. 

(4) Application of Exclusion: Since the Contractor may perform analytical, evaluation and 
research work under this contract, including (but not limited to) analytical studies, 
requirements definition, design alternatives recommendations, and market research 
evaluation/recommendations the Contractor shall be ineligible to participate (either as a 
prime or subcontractor) in any resultant acquisition or contractual effort based upon this 
work which requires (but which is not limited to) the acquisition of equipment; proprietary 
software products and/or tools; or the development, test and/or implementation of 
customized software for the term of this contract including any and all optional extensions 
thereof. The Contractor shall provide appropriate documentation, if requested by the 
Contracting Officer, in the event of a dispute and the Contracting Officer's decision shall be 
final. Additionally, the Contracting Officer reserves the right to determine whether a 
particular acquisition or contractual effort is or is not subject to this exclusion. 

(5) Access to and Use of Information: 

(A) If the Contractor, in the performance of this contract or by any other means, obtains 
access to information, such as SSA's plans, policies, reports, studies, financial plans, 
or data, which has not been released to the public, the Contractor agrees not to: 

(i) use such information for any private purposes, unless the information has 
been released to the public; 
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(ii) compete for work at SSA not already covered by the exclusion in paragraph 
(4) above based on such information for a period of six (6) months after 
completion release of such information to the public, whichever is first; 

(iii) submit an unsolicited proposal to the Government which is based on such 
information until one (1) year after release of such information to the public; 
or 

(iv) release such information without prior written approval by the Contracting 
Officer. 

(B) In addition, the Contractor agrees that to the extent it receives, or is given access to, 
any proprietary data or other confidential technical, business, or financial 
information under this contract, it shall treat such information in accordance with 
any restriction imposed on such information. 

(C) The Contractor shall have, subject to the Rights in Data and security provisions/ 
clauses of this contract, the right to use the technical data it first produces under this 
contract for its private purposes, provided that as of the date of such use, all data 
requirements of this contract have been met. 

(6) Remedies: For breach of the above restrictions, or for failure to disclose or 
misrepresentation of any relevant interest required to be disclosed concerning this contract, 
the Government may, at no cost, terminate this contract, disqualify the Contractor for 
subsequent related contractual efforts, and pursue other remedies as may be permitted by 
law or this contract. 

(7) Waiver: Any request for waiver under this clause shall be directed in writing to the 
Contracting Officer and shall include a full description of the waiver request and the reasons 
in support thereof. If it is determined to be in the best interest of the Government, the 
Contracting Officer may grant such waiver in writing. 
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Worksheet for Reporting the Loss, Compromise, or Potential Compromise of Personally 
Identifiable Information 

Contractor and Subcontractor Employees : See last page of this attachment for instructions on completing this 
worksheet. 

1. My primary SSA contact for reporting the loss, compromise, or potential compromise 

of PII is: [ Contracting Officer : Fill in the name and contact information (phone number(s), 
address, etc.) of the primary SSA contact. This should be the COTR] 

The alternates to this primary contact are as follows: 

First Alternate : [ Contracting Officer : Fill in the name and contact information (phone 
number(s), address, etc.) of the First Alternate SSA contact. This should be the Alternate 
COTR.] 

Second Alternate : [ Contracting Officer : Fill in the name and contact information 
(phone number(s), address, etc. ) of the Second Alternate SSA contact.] 

2. Information about the individual making the report to SSA's Network Customer 
Service Center (NCSC): 



Name: 




Position: 




Deputy Commissioner Level Organization: [Contracting Officer: fill in] 


Phone Numbers: 


Work: 


Cell: 


Home/Other: 


E-mail Address: 


Check one of the following: 


Management Official 


Security Officer 


Non-Management 



Additional Information ( to be provided when a contractor or subcontractor employee is 
reporting directly to the NCSC): 

*Contractor/Subcontractor (circle as appropriate): 
**SSA Contract Number (if known): 

3. Information about the data that was lost/stolen: 

Describe what was lost or stolen (e.g., case file, MBR (Master Beneficiary Record) data): 



Which element(s) of PII did the data contain? 



Name 




Bank Account Info 




SSN 




Medical/Health Information 




Date of Birth 




Benefit Payment Info 




Place of Birth 




Mother's Maiden Name 




Address 




Other (describe): 
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Estimated volume of records involved: 
4. How was the data physically stored, packaged and/or contained? 

Paper or Electronic? (circle one): 



If Electronic, what type of device? 



Laptop 




Tablet 




Backup Tape 




Blackberry 


Workstation 




Server 




CD/DVD 




Blackberry Phone # 


Hard Drive 




Floppy Disk 




USB Drive 




Other (describe^ 


>: 



Additional Questions if Electronic: 





Yes 


No 


Not Sure 


a. Was the device encrypted? 








b. Was the device password protected? 








c. If a laptop or tablet, was a VPN SmartCard lost? 








Cardholder's Name: 


Cardholder's SSA logon PIN: 


Hardware Make/Model: 


Hardware Serial Number: 



Additional Questions if Paper: 





Yes 


No 


Not Sure 


a. Was the information in a locked briefcase? 








b. Was the information in a locked cabinet or drawer? 








c. Was the information in a locked vehicle trunk? 








d. Was the information redacted? 








e. Other circumstances: 



5. If the employee/Contractor/subcontractor who was in possession of the data or to whom 
the data was assigned is not the person making the report to the NCSC (as listed in #1), 
information about this employ ee/Contractor/subcontractor: 



Name: 




Position: 




Deputy Commissioner Level Organization: 


[Contracting Officer: fill in] 


Phone Numbers: 


Work: 




Cell: 




Home/Other: 




E-mail Address: 
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Additional Information (to be provided when person who was in possession of the data or 
assigned to the data is a Contractor/subcontractor employee): 
*Contractor/Subcontractor (circle as appropriate): 
**SSA Contract Number (if known): 

6. Circumstances of the loss: 

a. When was it lost/stolen? 

b. Brief description of how the loss/theft occurred: 

c. When was it reported to SSA management official (date and time)? 



7. Have any other SSA components been contacted? If so, who? (Include deputy 
commissioner level, agency level, regional/associate level component names) 

8. Which reports have been filed? (include FPS, local police, and SSA reports) 



Report Filed 


Yes 


No 


Report Number 


Federal Protective Service 








Local Police 










Yes 


No 


SSA-31 14 (Incident Alert) -- Not Applicable for Contractors or 

Subcontractors 






SSA-342 (Report of Survey) -- Not Applicable for Contractors or 

Subcontractors 






Other (describe) 
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INSTRUCTIONS (to the Contractor/Subcontractor Employee) : Worksheet for Reporting 
Loss or Potential Loss of Personally Identifiable Information 

1. If you are reporting the incident to the primary SSA contact , only complete Items 3 through 
6. Special notes regarding Item 5: 

• For "Position," write "Contractor Employee" or "Subcontractor Employee," as 
applicable, followed by a hyphen and your job title under the contract. 

• With respect to Deputy Commissioner Level Organization, this should be the SSA 
Contracting Officer's Technical Representative (COTR)'s Deputy Commissioner 
Office and should already be provided on the form. If it is not (and you do not 
know this), have your primary or alternate contact, as applicable, complete the 
information. 

• Be sure to provide the additional information regarding your 
company/organization's name and, if known, the Agency-assigned contract number. 

2. If you are reporting the incident directly to the NCSC , complete all items to the extent 
possible ( note : Item 4 will be "not applicable"). Special notes regarding Item 2: 

• For "Position," write "Contractor Employee" or "Subcontractor Employee," as 
applicable, followed by a hyphen and your job title under the contract. 

• With respect to Deputy Commissioner Level Organization, this should be the SSA 
COTR's Deputy Commissioner Office and should already be provided on the form. 
If it is not and you do not know this information, try to identify the name of the 
main program office which the contract is servicing (e.g., Office of 
Telecommunications and Systems Operations). 

• Be sure to provide the additional information regarding your 
company/organization's name and, if known, the Agency-assigned contract number. 
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